A Cybersecurity Education: House Bill 4061

"Now you know, and knowing is half the battle," were words spoken at the end of every G.I. Joe cartoon during the mid-1980s and served as a conclusion to public service announcements. For some reason this statement has always stayed with me and I often use the saying, typically in a sarcastic manner. But late last week and again this morning this 80s era disclaimer resonated once again after the U.S. House of Representatives passed bill 4061, "To advance cybersecurity research, development, and technical standards".

The main tenant of the bill requires President Obama's administration to perform assessments of each agency in order to determine "cybersecurity workforce skills".  Additionally, it establishes a scholarship program to be used by undergrad and grad students who also agree to work for the government as "cybersecurity specialists" after graduating. The push is on to educate the current and future government workforce on all things cyber:

“Investing in cybersecurity is the Manhattan Project of our generation,” Representative Michael Arcuri, Democrat of New York, a sponsor of the bill said on the House floor last week. “But this time around we are facing far greater threat. Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do.”

Mr. Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with potential enemies. Troops online “are every bit as important to our security as a soldier in our field,” he said.

This is an important step in our ongoing cybersecurity battle. The Senate plans on introducing a companion bill soon and that should be a priority since the new proposed budget, while increasing overall defense and cyber related spending, does cut the Homeland Security Department’s cybersecurity division. The hope is that the separate House/Senate bill(s) will make up for that hit at DHS, while starting to create future cybersecurity experts. It seems as though both the House and Senate are taking the topic of cybersecurity seriously and will earmark funds for cyber education.

Although details are still lacking on what the final bill will look like, the focus on education is welcome since "knowing is half the battle".

Setting The Standard

Next week is my favorite week of the year. It's the Sales Operations meetings held at our headquarters in Austin. Each year we bring the sales people and sales engineers together to review the previous year and preview the year moving forward. More importantly I get to show off.

2009, from all facets, was an incredible year here at BreakingPoint. Sales had an amazing year, with huge growth. Our employee base grew by nearly 30%, much of that being our heavy investment in the security group. We put out 3 major releases and 3 minor releases of our firmware for the BreakingPoint Elite. And our application protocol list now tops more than 100 and our strikes are over 4,300.

This news is certainly exciting, but that was last year. And this is a completely new year and we are ramping up in engineering like you could not imagine. The next firmware release will once again improve the performance of everything from our application protocols, security engine and our SSL. And, of course this is all done without having to replace your blades and at no extra cost. Bet your other vendors don't say that every year.

Next month I'll be putting together a screencast showing you all the features in our next release. I'll save all the juicy bits for then, but here is a teaser of what to expect:

• Five new test labs, including huge strides for mobile networks.
• Changes in the way we are using the NetLogic network processor.
• Switch from using our network processor cores to do SSL, to leveraging the encryption engine on the chip itself (the impact this has on our number of handshakes is staggering).

Last year we changed the way people test their network equipment, this year we will set the standard.

Reminds me of when I worked at Cisco many years ago and Kevin Kennedy (Vice President) would show a slide in which Cisco was compared to other similar companies. There must have been 30 companies listed and at the time 3Com was below us, Lucent ahead of us and all the way at the top were companies like HP. At the time HP was 10x the size of Cisco. Today, Cisco is tens of billions of dollars ahead of HP, with a third of the employees. 

Every year that presentation showed Cisco passing yet another company. We have the same chart for our industry and the same goals, and some companies were ahead of us at the beginning of 2009. During 2009 we passed four of them and this year we will pass four more. And one day, like Cisco, we'll be at the top of everyone else's list.

NOTE: Sometimes Cisco didn't pass a company, the company fell. I'm seeing a lot of that lately, maybe I should send some flowers.

Answers to the Top IPv6 Questions

Media headlines tell us we should be concerned about IPv6. After all, cyber criminals are already "taking advantage of IPv6 vulnerabilities" and we are running out of IPv4 addresses "at an alarming rate". But there are so many unanswered questions around IPv6 and shifting through what is truth and what is hype can be a challenge. We figured we would take on the IPv6 conversation in our next webcast and answer the questions you have been asking:

• What does IPv6 actually mean for my network?
• Will we really run out of IPv4 addresses in 2011?
• Is IPv6 only about address allocation or is it also more secure than IPv4?
• Is the IPv6 standard ready for prime time?
• Are cyber criminals actually using IPv6 today to attack networks?

I'll be moderating the conversation and joined by BreakingPoint CTO Dennis Cox and Software Architect, Brent Cook. Brent wrote the post, "6 Surprising Facts about IPv6" and both gentleman will be taking your questions during the session. Here are the details: